Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.
Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you’ve got an unactivated copy, local account, or don’t know your M$ account credentials, your boned.
Control Panel > System Security > Bitlocker Encryption.
BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.
Years ago I thought I was being smart encrypting my home dir on my Linux server. I found out the hard way this prevents remote login over ssh using public key encryption, as the .ssh dir is in the home dir, which is encrypted unless you are already logged in at the time! So every time I wanted to ssh in, I had to plug in a monitor and log in on the console first.
You can install Dropbear into your initramfs and configure it to allow entering the encryption key via SSH. Example guide I found: https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
You do have to have an unencrypted
/boot, but the rest of the system can be encrypted. This uses a separateauthorized_keysfile embedded within the initramfs.Thanks!